Clik here to view.
shellstack – a Simple Backdoor Management System.
ShellStack is a PHP based backdoor management tool. This Tool comes handy for “HACKERS” who wish to keep a track of every website they hack. The tool generates a backdoor file which you just have to...
View ArticleClik here to view.
Vanquish – Multithreaded scanning and enumeration automation platform.
Vanquish is a Multithreaded Kali Linux scanning and enumeration automation platform. Designed to systematically enumerate and exploit using the law of diminishing returns. Includes : – Nmap Scanning –...
View ArticleClik here to view.
lambhack – A very vulnerable serverless application in AWS Lambda.
lambhack A vulnerable serverless lambda application. This is certainly a bad idea to base any coding patterns of what you see here. lambhack allows you to take advantage of our tried and true...
View ArticleClik here to view.
OSRFramework v0.16.8 – an Open Sources Intelligence Gathering Research...
Changelog OSRFramework v0.16.8, 2017/06/22: — Important update on the setup.py to verify whether the .local/bin folder is in the path. — Fix issue #187: Review installation with –user in Linux systems...
View ArticleClik here to view.
Cross Site History Manipulation Payload Generator – XSHM.
Cross-Site History Manipulation (XSHM) is a SOP (Same Origin Policy) security breach. SOP is the most important security concept of modern browsers. SOP means that web pages from different origins by...
View ArticleClik here to view.
AQUATONE is a set of tools for performing reconnaissance on domain names.
AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force...
View ArticleClik here to view.
XSStrike is a python which can fuzz and bruteforce parameters for XSS.
XSStrike is a python which can fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs. Dependencies: + Python 2.7.x + colorama, mechanize python module. Todo: After you enter your...
View ArticleClik here to view.
NECTOR is a powerful framework used in the collection, analysis, & sharing of...
The purpose of NECTOR is to increase security awareness among institutions by demonstrating potential security vulnerabilities. NECTOR is a powerful and expandable framework used in the collection,...
View ArticleClik here to view.
pcileech – Direct Memory Access (DMA) Attack Software.
PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system. PCILeech supports multiple...
View ArticleClik here to view.
BetterCap v1.6.2b – A complete, modular, portable and easily extensible MITM...
Changelog bettercap v1.6.2b: New Features * Huge improvement on HTTPS parser, now it parses TLS Client Hello messages with SNI extension in order to extract the real hostname. * Removed IPv6 specific...
View ArticleClik here to view.
Brosec v1.3.0.3 – An interactive reference tool to help security...
changelog brosec v1.3.0.3 (June 30, 2017): * Minor Fix & Enhancement + Added new payloads to wmic (bros 34) + Added netsh proxy command to bros 33 + Added multiple COM Scriplet payloads (credit to...
View ArticleClik here to view.
Dr0p1t Framework v1.3 – A framework that creates an advanced FUD dropper with...
Changelog Dr0p1t-Framework v1.3: A huge update to fix and make improvements like : – [Feature] Adding spoof extension feature so now you can change the file extension and icon to make it full spoof –...
View ArticleClik here to view.
Zeus – AWS Auditing & Hardening Tool.
Zeus is a powerful tool for AWS EC2 / S3 best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS...
View ArticleClik here to view.
Pentesting-Multitool ~ Different utility scripts for pentesting and hacking.
Pentesting-Multitool project arises from the need to gather some pentesting tools into one tool. It will be developed using Python3 adding some external libraries as DNSPython, pythonwhois or scapy....
View ArticleClik here to view.
webfp-crawler-phantomjs ~ tool to create dataset for testing Website...
webfp-crawler-phantomjs is A python crawler for crawling Tor and collect network traces using wireshark. Used to create dataset for testing Website Fingerprinting (WF) attacks on Tor. Requirements: +...
View ArticleClik here to view.
scythian – Vulnerability Assessment and Penetration Testing Toolkit.
scythian is a set of scripts included in this package will create a Kali type environment for the performing of Vulnerability Assessments and Penetration Testing. The goal of this project was to allow...
View ArticleClik here to view.
udp samplicator – Send copies of (UDP) datagrams to multiple receivers, with...
UDP Samplicator is a small program receives UDP datagrams on a given port, and resends those datagrams to a specified set of receivers. In addition, a sampling divisor N may be specified individually...
View ArticleClik here to view.
XRay is a tool for reconnaissance, mapping and OSINT gathering from public...
XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works...
View ArticleClik here to view.
The Social-Engineer Toolkit (SET) v7.7 Codename: ‘blackout’.
changelog SET(social-engineer-toolkit) v7.7: * rewrote grab_ipaddress() function to be a centralized routine that incorporates hostnames or IP addresses. * rewrote grab_ipaddress() to include automatic...
View ArticleClik here to view.
s3-fuzzer ~ Command-line AWS S3 Fuzzer.
s3-Fuzzer is golang scripting for aws s3 fuzzer. Why? Recently, a security researcher uncovered massive data leaks on AWS S3, like; +...
View Article